GSSAPI is an acronym; it stands for Generic Security Services Application
Programming Interface.

The GSSAPI is a generic API for doing client-server authentication. The
motivation behind it is that every security system has it's own API, and the
effort involved with adding different security systems to applications is
extremely difficult with the variance between security APIs. However, with a
common API, application vendors could write to the generic API and it could
work with any number of security systems.

How does this relate to Kerberos? Included with most major Kerberos 5
distributions is a GSSAPI implementation. Thus, if a particular application
or protocol says that it supports the GSSAPI, then that means that it
supports Kerberos, by virtue of Kerberos including a GSSAPI implementation.

The relevant standards for GSSAPI include:

   * RFC 2743 - Generic Security Services Application Program Interface
     Version 2, Update 1.
     <http://www.ietf.org/rfc/rfc2743.txt>

   * RFC 1509 - Generic Security Service API: C-bindings
     <http://www.ietf.org/rfc/rfc1509.txt>

   * RFC 1964 - The Kerberos Version 5 GSS-API Mechanism
     <http://www.ietf.org/rfc/rfc1964.txt>

In terms of programming guides, the only one available that I know about is
the one from Sun Microsystems. It seems fairly complete and is a excellent
starting point:

   * <http://docs.sun.com:80/ab2/coll.610.1/GSSAPIPG/>

Some parts © 2009 Advameg, Inc.